Cryptam // document analysis


Sample Details

original filename: a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a_.doc

size: 454656 bytes
submitted: 2019-02-04 21:51:25
md5: 53f7be945d5755bb628deecb71cdcbf2
sha1: dc560698ced8b4dffd7b35c7dcb82822a2d3c134
sha256: a5bc8c8b89177f961aa5c0413716cb94b753efbea1a1ec9061be53b1be5cd36a
ssdeep: 12288:rEENTQ3jtjp2Dh2vxtFdwLEmmW4N3m3CR:rEENTGjtd0hSxJa4NF
content/type: Composite Document File V2 Document, Little Endian, Os
analysis time: 5.16 s
result: malware [130]
embedded executable: found

signature hits:

24654: string.This program cannot be run in DOS mode
52778: string.GetModuleHandleA
53256: string.GetCommandLineA
54536: string.GetSystemMetrics
53560: string.GetProcAddress
53430: string.CreateProcessA
52878: string.CloseHandle
53082: string.CreateFileA
55166: string.RegOpenKeyExA
55062: string.RegDeleteKeyA
53620: string.KERNEL32
53176: string.ExitProcess
54082: string.CreateWindowExA
dropped.file exe c89c4bb51c1d3f4974863b53010b4f3e / 430080 bytes / @ 24576


Dropped Files

exe at 24576
md5: c89c4bb51c1d3f4974863b53010b4f3e
sha1: b3fb6f88652063f2e1f333dbb07da75ff9aadcf2
sha256: 15df102964713b783b8f912cf001f800cd4f86e03b6d86fc9d1b33e9ed66e489